Looking at it this way, Ralsky is the worst mass murderer of modern times.
LIke I said, I think we are getting a bit carried away here. I'm all for making spam illegal, but, until we do, I think there are worse problems out there.
Although I'd imagine that if you were the one paying the postage on that one out of three, you'd be plenty pissed.
Depends how much it costs and how much time it wastes. Time is money, and opening envelopes takes me a lot more time tban clicking on the delete icon. My connection isn't capped, and, even if it were, the monthly spam-related traffic would be a small percentage of one customer's download.
It isn't a crime in most places. If everyone wants spam to be illegal, sure, I'll vote for it. But I really don't think it is the most serious antisocial behaviour on the Internet at present. I'd put viruses and DoS attacks a lot higher, for example, and I don't think I'm alone in this.
Spam is annoying, but is it actually that serious?
Soon spam will swamp everything else. The very article that claimed this states that One-third of the 30 billion e-mails sent worldwide each day are spam. In other words, 2 emails out of three aren't. If my postman could guarantee that 2 envelopes out of 3 that land in my letterbox will be sollicited, I'd be very happy.
Spam uses server resources. Yes, but when ISPs talk about reducing bandwidth in other ways, for example by capping user allocations, everyone on/. says how pointless this is when bandwidth is so cheap. So is it cheap or not?
Spam costs the user money. Yes, but the cost of downloading a spam is minute compared with the cost in lost productivity of an employee reading a joke email, or even this posting. If 99.75% of spams never get opened (and quite a lot of those never even get to the user's inbox), the amount of wasted time they account for probably isn't huge.
OK, spam is not a good thing, but aren't we getting a little carried away here? Personally, I find website pop-ups much more annoying than spam, especially when they crash Mozilla...
I've read this comment and the parent a couple of times, and I can't see how it helps at all. If what you are suggesting is that anyone sending mail from my cybercafe gets my mail server whether they want it or not, doesn't this make things worse, in that I get the blame for all the spam even if they try to send it via someone else?
On monitoring, some Al Quaida suspects were found shortly after 911 in a parisian cybercafe, and there was talk at the time of requiring us to record the content of all our customers' communications. Quite how this would work with webmail beats me, but, in any case, the idea seems to have gone away again for the moment.
After a day off with the kids I've calmed down a bit, and also thought about which bit of this system I don't like:
Blocking spam is a good plan
Having a centralised list is a good plan
Having an anonymous list is a necessary evil
Doing the blocking by IP address of smtp server is the only way to go
The bit that I object to is the IP range thing. This system, and most of the people shouting at me on this thread, assume a system where you have a company administering an IP range with dial-up users. If that is the case, blocking the IP range is reasonable, it's tough on the users, but getting a new dial up account, or even keeping several on the go at once, is not a big deal.
In our particular case, which is far from unique and increasingly common for small businesses, we lease a server in a server park. So we get an IP address in the range of the people who own the server park, but they have no control over what they do with their smtp server, and they have no control over what we do with ours. Our machine is sqeaky clean, yet we get blocked because of the sins of some other independent server in the same park. This makes no sense on any level:
It damages my reputation with my customers, although we have done nothing wrong
Changing server parks is far from trivial, and takes weeks rather than hours, especially if some of the domains you host are administered by third parties, so you don't do it because of a transient problem. This means that there is no economic pressure on the ISP, but my my reputation is damaged long term (note that my ISP appears to be pretty clean on the whole, as we've only been blocked the once, for a week, but one week of my client's clients receiving 'you are writing to a spammer' messages is quite enough to damage their business and therefore ours)
The effect of this is to encourage end users to host with big companies who do have control over their IP ranges, ie it's bad for us, and good for some of the people who help spam
So I guess what I want is some way to say to the world that IP address X is mine, I take responsibility for it, punish me for my sins but not for those of the people with whom I happen to share a park. How difficult can this be? Sounds like one more table in a database...
It occurred to me halfway round the supermarket. As I understand it, what gets blocked is the smtp server. So SPEW must be generating a huge market for clean smtp servers. Cheap to run, low bandwidth, you could ask for ID and make people sign contracts, and I reckon anyone who has been blocked because of a SPEW vendetta against someone else is going to seriously consider paying $10 a month to solve the problem in days, rather than hoping their ISP jumps through the hoops before they go out of business. Doesn't encourage spam, stuffs SPEW, makes money. Anyone see a catch?
t's a perfect democracy, a government who rules solely with the consent of the ruled
Really? So, if I'd paid for a year's hosting up front, how does my server opt out of its server park without costing me a lot of money?
Sounds more like Western democracy, where those in one country make decisions to kill people in another country on the basis of dubious intelligence. Except that, to be a fair analogy, the USA would be billing Iraqi civilians for the bombs that kill their children, and expecting the parents to thank them for letting them take part in the heroic war.
Europeans and Chinese have a far older and more refined tradition of hurting people, involving all kinds of unpleasant equipment.
Good, good, so we are indeed buying into the ethical values of the Spanish Inquisition.
Of course most of the people who were tortured were innocent, and the end result was that the dissidents they had been trying to wipe out took over most of Northern Europe and founded America, while the organisation responsible for the torture lost out wholesale, but, apart from that, I think it's a winning model. Turning the people you hate into martyrs is always a great way to go.
In this specific case, the choice was moving a website, a domain name, 400 email addresses etc, or telling half a dozen people to stick the next free CD ROM that drops through their door into their PC. They use email redirection, so changing their ISP was no big deal.
As it happens, we pay monthly, but it is common to pay for small servers one year at a time. In which case doing what you suggest could cost £2000 or so.
That way ISPs find that hosting spammers is bad for business, and spammers find that they are no longer welcome.
Except that, as I've already pointed out several times, a professional spammer can afford to lease a machine a week, even if it gets shut down at the end of the week, and, apparently, this is just fine with SPEW.
I don't get it: every time federal government thinks about having a discussion that might result in a bill that might be passed that might one day be amended to possibly reduce the freedom of one cracker, 1,000/.ers start ranting about infringement of freedom, but having SPEW zap people's businesses for the hell of it is apparently a really neat idea...
I'm not an ISP, the spam in question was not from one of my customers, the system in question was not under my control...
See, was that so hard?
It's downright impossible, because I'm not an ISP. There are four short words in that sentence, which one is causing the problem? You are shouting at the wrong person, just as SPEW blocks the wrong IP addresses.
The logic of SPEW is that you hurt the innocent little people to put pressure on the big guilty people. That approach is wrong in principle, and is accepted as wrong in every other area I can think of. You don't beat up people's kids because their dad owes you money and is bigger than you. This is Godfather morality!
And even if you want to live in that sort of world, the starting point was an article saying that none of the SPEW-type systems are going to work anyway!
Let's think about this for 30 nanoseconds. If I need to send emails to someone, and I discover that the emails are returned because of SPEW, am I going to
a: stop communicating with that person until they put pressure on their ISP to change their spamming policy or
b: find another way of sending email to that person?
From where I'm sitting, not using SPEW sounds like a great selling point for any ISP. Or, to put it another way, does 'we promise to randomly stop delivering some of your emails for reasons that have nothing to do with you or the person you want to communicate with' sound like a good sales pitch?
On an earlier occasion some ISPs used by certain branches of a company whose email we host started bouncing redirected emails from our server. We solved the problem by telling those branches to find another ISP. Is this how the system is going to work? Because anyone with a job to do is going to do the same thing.
How about just what the previous poster said:
shut them down if they start spamming, which would fall into "none of the above"
So just to get this straight, if my ISP sells 5,000 RaQs a day to spammers for $100, lets them send spam non-stop until someone complains, and then closes their account, that's OK, but if they fail to act immediately on one client on one of their x thousand machines, all their customers get blacklisted?
no private detective needed, just type the guy's name into Google
I leased a second server from these people a couple of weeks ago. We did the whole thing by telephone in the name of a company in a different country. So how would they have decided if I was an abominable Australian before I had spammed 5 million people or so?
The listing worked exactly as intended
You mean I almost lost customers because of a problem that had nothing to do with me and over which I had no control, along with a few thousand other completely innocent people, and the bad guy is still in business?
Sounds like current American foreign policy, and it's about as effective in terms of making friends. Before this incident, I was wondering about signing up for something like SPEW, but there is no way I'm going to do so now, and the more SPEW punishes the innocent to get at the guilty at a ratio of several thousand to one, the more people are going to opt out of the fight against spam. If that's what the people who run SPEW want, they're doing a great job.
and managing to identify people responding to spam.
Why is this any more difficult than identifying the people sending the spam, except that the spammers are trying to hide and the people responding aren't?
You maintain a db of response urls on the basis of known spam messages, and you make the ISPs record whenever one of their customers attempts to access one of those urls. You set a suitable fine ($1 a click ought to do it) and the ISP adds the monthly total to the direct debit, in much the same way that they add sales tax at the moment. In the case of free webmail, you give the customer 3 warnings and then close his account.
Not ideal, but it would work a lot better than blacklisting half a million domains at a time with SPEW in order to punish one offender who has already moved on. I would expect your average user to never click on a link in an email again after the first month.
Prevent outgoing connections into port 25 from other computers than mail server
The whole reason we have a laptop connection in our cybercafe in addition to our own machines is that people want to be able to send using their email client, attach files, collect mail and walk away with it etc, so what you are suggesting would effectively mean we could just stop offering the service.
Log user activities, it is nice to have evidence when going to court
Yes, but
How does that help me once the perpetrator has picked up his laptop, walked out of the door and probably left the country? We don't demand proof of ID from our customers
If you came to my cybercafe, would you necessarily want me monitoring your activities?
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole/16?
The ISP in question leases servers one by one to individuals and companies. They hand over the root password, and off you go. So what exactly does slashdot think they should do?
Monitor exactly what every customer does with their private server?
Ban their clients from installing software that will send more than one email at a time?
Have a private detective check on any potential clients to make sure they have no connection with the spamming trade?
Some other brilliant plan that slashdot would promptly cite as a reprehensible attack on privacy?
The best they can do is to close the accounts of spammers once they are reported. But since their entry level machines cost under $100 up front, one spam campaign per machine is still viable. So maybe slashdot thinks that hosting should become more expensive? I'm sorry, but the SPEW thing just isn't going to work unless we want far more intrusion by ISPs.
If it took a/16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.
The/16 block thing didn't work either, the support guy basically said 'the people refusing your mail are cretins, they'll probably get over it'. Which they did.
Remember when push-scooters first started to become fashionable?
I first saw one in Vienna, and thought it was really neat. Almost bought one to take home with me. Glad I didn't, because once every kid on the block had one they moved from 'really neat' to 'really sad'. In the same way, this electric beer keg thing is only going to remain desirable as long as no-one actually buys one. And maybe not that long.
Err, I think that is exactly what I said: if your address isn't public, you are only going to get emails from spammers, so why bother checking the mailbox at all?
The FA in question says
Or at least it's about to destroy the e-mail we're used to: the tool that lets a stranger respond to something you posted on your Web site or that lets a potential client contact you after reading an article you wrote.
A website email form would handle both those cases, and wouldn't get you 10 spams a day...
Why not make it illegal to respond to spam? If no-one responds, the spammers don't get paid, so they stop. Of course it might upset the civil liberties people, but if we can just get 'spammer' and 'axis of evil' into the same sentence I think Congress might go for it.
Not sure how having an email address that no-one knows about helps strangers to contact you, unless the strangers are clairvoyant or trying addresses at random.
Wouldn't one solution be for people to put non-mailto email forms on their websites for people who don't know them and keep their email addresses for people they do know?
If one complain about a customer with an proven
case of spam would arrive at a abuse department,
shut that account down.
I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?
A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!
doesn't each gigabyte of data transferred cost ISPs something like 10 cents?
Possibly, but they also have to install, power and maintain the servers, pay their staff, handle support calls, investigate DoS attacks (to and from their machines), fight court cases and so on. Also, their contention rate may not be anything like 1 to 1, so if everyone tried to use the system flat out, the whole system might grind to a halt.
Capping the speed is bad, because it affects the quality of the service. Capping the total amount of data on a monthly basis is just dumb. On the other hand, charging for extra bandwidth sounds like common sense to me.
If you don't like it, find an ISP that offers unlimited everything, take all your high-bandwidth friends with you, and watch the ISP go out of business. My guess is that as the ISP market matures we are going to end up with a system where the people who use it the most pay the most, ie just like any other industry where usage consumes resources.
Slashdot Mirror
Looking at it this way, Ralsky is the worst mass murderer of modern times.
LIke I said, I think we are getting a bit carried away here. I'm all for making spam illegal, but, until we do, I think there are worse problems out there.
So your company doesn't use SPEWS? Or is it that SPEWS doesn't actually work?
I like Opera, but the interface is just to freaky for walk-in clients.
Although I'd imagine that if you were the one paying the postage on that one out of three, you'd be plenty pissed.
Depends how much it costs and how much time it wastes. Time is money, and opening envelopes takes me a lot more time tban clicking on the delete icon. My connection isn't capped, and, even if it were, the monthly spam-related traffic would be a small percentage of one customer's download.
proving that crime DOES pay.
It isn't a crime in most places. If everyone wants spam to be illegal, sure, I'll vote for it. But I really don't think it is the most serious antisocial behaviour on the Internet at present. I'd put viruses and DoS attacks a lot higher, for example, and I don't think I'm alone in this.
Spam is annoying, but is it actually that serious?
OK, spam is not a good thing, but aren't we getting a little carried away here? Personally, I find website pop-ups much more annoying than spam, especially when they crash Mozilla...
I've read this comment and the parent a couple of times, and I can't see how it helps at all. If what you are suggesting is that anyone sending mail from my cybercafe gets my mail server whether they want it or not, doesn't this make things worse, in that I get the blame for all the spam even if they try to send it via someone else?
On monitoring, some Al Quaida suspects were found shortly after 911 in a parisian cybercafe, and there was talk at the time of requiring us to record the content of all our customers' communications. Quite how this would work with webmail beats me, but, in any case, the idea seems to have gone away again for the moment.
After a day off with the kids I've calmed down a bit, and also thought about which bit of this system I don't like:
The bit that I object to is the IP range thing. This system, and most of the people shouting at me on this thread, assume a system where you have a company administering an IP range with dial-up users. If that is the case, blocking the IP range is reasonable, it's tough on the users, but getting a new dial up account, or even keeping several on the go at once, is not a big deal.
In our particular case, which is far from unique and increasingly common for small businesses, we lease a server in a server park. So we get an IP address in the range of the people who own the server park, but they have no control over what they do with their smtp server, and they have no control over what we do with ours. Our machine is sqeaky clean, yet we get blocked because of the sins of some other independent server in the same park. This makes no sense on any level:
So I guess what I want is some way to say to the world that IP address X is mine, I take responsibility for it, punish me for my sins but not for those of the people with whom I happen to share a park. How difficult can this be? Sounds like one more table in a database...
It occurred to me halfway round the supermarket. As I understand it, what gets blocked is the smtp server. So SPEW must be generating a huge market for clean smtp servers. Cheap to run, low bandwidth, you could ask for ID and make people sign contracts, and I reckon anyone who has been blocked because of a SPEW vendetta against someone else is going to seriously consider paying $10 a month to solve the problem in days, rather than hoping their ISP jumps through the hoops before they go out of business. Doesn't encourage spam, stuffs SPEW, makes money. Anyone see a catch?
t's a perfect democracy, a government who rules solely with the consent of the ruled
Really? So, if I'd paid for a year's hosting up front, how does my server opt out of its server park without costing me a lot of money?
Sounds more like Western democracy, where those in one country make decisions to kill people in another country on the basis of dubious intelligence. Except that, to be a fair analogy, the USA would be billing Iraqi civilians for the bombs that kill their children, and expecting the parents to thank them for letting them take part in the heroic war.
Europeans and Chinese have a far older and more refined tradition of hurting people, involving all kinds of unpleasant equipment.
Good, good, so we are indeed buying into the ethical values of the Spanish Inquisition.
Of course most of the people who were tortured were innocent, and the end result was that the dissidents they had been trying to wipe out took over most of Northern Europe and founded America, while the organisation responsible for the torture lost out wholesale, but, apart from that, I think it's a winning model. Turning the people you hate into martyrs is always a great way to go.
In this specific case, the choice was moving a website, a domain name, 400 email addresses etc, or telling half a dozen people to stick the next free CD ROM that drops through their door into their PC. They use email redirection, so changing their ISP was no big deal.
As it happens, we pay monthly, but it is common to pay for small servers one year at a time. In which case doing what you suggest could cost £2000 or so.
That way ISPs find that hosting spammers is bad for business, and spammers find that they are no longer welcome.
Except that, as I've already pointed out several times, a professional spammer can afford to lease a machine a week, even if it gets shut down at the end of the week, and, apparently, this is just fine with SPEW.
And what can you do about it? Zippo!
I don't get it: every time federal government thinks about having a discussion that might result in a bill that might be passed that might one day be amended to possibly reduce the freedom of one cracker, 1,000 /.ers start ranting about infringement of freedom, but having SPEW zap people's businesses for the hell of it is apparently a really neat idea...
If you're an ISP
I'm not an ISP, the spam in question was not from one of my customers, the system in question was not under my control...
See, was that so hard?
It's downright impossible, because I'm not an ISP. There are four short words in that sentence, which one is causing the problem? You are shouting at the wrong person, just as SPEW blocks the wrong IP addresses.
The logic of SPEW is that you hurt the innocent little people to put pressure on the big guilty people. That approach is wrong in principle, and is accepted as wrong in every other area I can think of. You don't beat up people's kids because their dad owes you money and is bigger than you. This is Godfather morality!
And even if you want to live in that sort of world, the starting point was an article saying that none of the SPEW-type systems are going to work anyway!
Let's think about this for 30 nanoseconds. If I need to send emails to someone, and I discover that the emails are returned because of SPEW, am I going to
a: stop communicating with that person until they put pressure on their ISP to change their spamming policy or
b: find another way of sending email to that person?
From where I'm sitting, not using SPEW sounds like a great selling point for any ISP. Or, to put it another way, does 'we promise to randomly stop delivering some of your emails for reasons that have nothing to do with you or the person you want to communicate with' sound like a good sales pitch?
On an earlier occasion some ISPs used by certain branches of a company whose email we host started bouncing redirected emails from our server. We solved the problem by telling those branches to find another ISP. Is this how the system is going to work? Because anyone with a job to do is going to do the same thing.
How about just what the previous poster said: shut them down if they start spamming, which would fall into "none of the above"
So just to get this straight, if my ISP sells 5,000 RaQs a day to spammers for $100, lets them send spam non-stop until someone complains, and then closes their account, that's OK, but if they fail to act immediately on one client on one of their x thousand machines, all their customers get blacklisted?
Can't help thinking that there is more useful applications software for the brain.
no private detective needed, just type the guy's name into Google
I leased a second server from these people a couple of weeks ago. We did the whole thing by telephone in the name of a company in a different country. So how would they have decided if I was an abominable Australian before I had spammed 5 million people or so?
The listing worked exactly as intended
You mean I almost lost customers because of a problem that had nothing to do with me and over which I had no control, along with a few thousand other completely innocent people, and the bad guy is still in business?
Sounds like current American foreign policy, and it's about as effective in terms of making friends. Before this incident, I was wondering about signing up for something like SPEW, but there is no way I'm going to do so now, and the more SPEW punishes the innocent to get at the guilty at a ratio of several thousand to one, the more people are going to opt out of the fight against spam. If that's what the people who run SPEW want, they're doing a great job.
and managing to identify people responding to spam.
Why is this any more difficult than identifying the people sending the spam, except that the spammers are trying to hide and the people responding aren't?
You maintain a db of response urls on the basis of known spam messages, and you make the ISPs record whenever one of their customers attempts to access one of those urls. You set a suitable fine ($1 a click ought to do it) and the ISP adds the monthly total to the direct debit, in much the same way that they add sales tax at the moment. In the case of free webmail, you give the customer 3 warnings and then close his account.
Not ideal, but it would work a lot better than blacklisting half a million domains at a time with SPEW in order to punish one offender who has already moved on. I would expect your average user to never click on a link in an email again after the first month.
Prevent outgoing connections into port 25 from other computers than mail server
The whole reason we have a laptop connection in our cybercafe in addition to our own machines is that people want to be able to send using their email client, attach files, collect mail and walk away with it etc, so what you are suggesting would effectively mean we could just stop offering the service.
Log user activities, it is nice to have evidence when going to court
Yes, but
Would your ISP have terminated their spammer if SPEWS hadn't escalated their listing to the whole /16?
The ISP in question leases servers one by one to individuals and companies. They hand over the root password, and off you go. So what exactly does slashdot think they should do?
The best they can do is to close the accounts of spammers once they are reported. But since their entry level machines cost under $100 up front, one spam campaign per machine is still viable. So maybe slashdot thinks that hosting should become more expensive? I'm sorry, but the SPEW thing just isn't going to work unless we want far more intrusion by ISPs.
If it took a /16 block to force them to terminate him, then certainly no number of polite mails to abuse@ would have worked.
The /16 block thing didn't work either, the support guy basically said 'the people refusing your mail are cretins, they'll probably get over it'. Which they did.
Remember when push-scooters first started to become fashionable?
I first saw one in Vienna, and thought it was really neat. Almost bought one to take home with me. Glad I didn't, because once every kid on the block had one they moved from 'really neat' to 'really sad'. In the same way, this electric beer keg thing is only going to remain desirable as long as no-one actually buys one. And maybe not that long.
Err, I think that is exactly what I said: if your address isn't public, you are only going to get emails from spammers, so why bother checking the mailbox at all?
The FA in question says
A website email form would handle both those cases, and wouldn't get you 10 spams a day...
Why not make it illegal to respond to spam? If no-one responds, the spammers don't get paid, so they stop. Of course it might upset the civil liberties people, but if we can just get 'spammer' and 'axis of evil' into the same sentence I think Congress might go for it.
Not sure how having an email address that no-one knows about helps strangers to contact you, unless the strangers are clairvoyant or trying addresses at random.
Wouldn't one solution be for people to put non-mailto email forms on their websites for people who don't know them and keep their email addresses for people they do know?
If one complain about a customer with an proven case of spam would arrive at a abuse department, shut that account down.
I don't think it's quite as easy as that. If one customer using my laptop gateway sends a spam from my IP address, is that the end of my cybercafe? If one angry employee at IBM sets off a spamming program as he walks out the door, does IBM vanish from the Internet?
A while back our server got blacklisted for a week or so by SPEW because it was in the same 16-bit IP range as a machine that has been used for spam. That's potentially 65k machines! It was at this point that I vowed not to co-operate with any of these anti-spam measures, which inevitably martyr innocent users at random and don't touch the big spammers with the resources to change IP address and ISP three times a day if necessary. The cure is worse than the original disease!
doesn't each gigabyte of data transferred cost ISPs something like 10 cents?
Possibly, but they also have to install, power and maintain the servers, pay their staff, handle support calls, investigate DoS attacks (to and from their machines), fight court cases and so on. Also, their contention rate may not be anything like 1 to 1, so if everyone tried to use the system flat out, the whole system might grind to a halt.
Capping the speed is bad, because it affects the quality of the service. Capping the total amount of data on a monthly basis is just dumb. On the other hand, charging for extra bandwidth sounds like common sense to me.
If you don't like it, find an ISP that offers unlimited everything, take all your high-bandwidth friends with you, and watch the ISP go out of business. My guess is that as the ISP market matures we are going to end up with a system where the people who use it the most pay the most, ie just like any other industry where usage consumes resources.